Sweeping lame DNS reverse delegations APNIC16 – DNS Operations SIG Seoul, Korea, 20 August 2003.

Slides:

Advertisements

Similar presentations

Operational Policies for NIRs in the APNIC Region NIR Meeting APNIC14, Kitakyushu, Japan 4 Sept 2002.

Advertisements

1 Deprecation of ip6.int reverse DNS service in APNIC Project update IPv6 technical SIG, APNIC 21 1 March 2006 Sanjaya.

Managing IP addresses for your private clouds 2013 ASEAN CAS Summit Bangkok, Thailand 7 February 2013 George Kuo Member Services Manager.

Whois Database Clean Up Project Report Database SIG APNIC 16, Seoul, Korea 20 August 2003.

School of Electrical Engineering and Computer Science, 2004 Slide 1 Autonomic DNS Experiment Architecture, Symptom and Fault Identification.

11 TROUBLESHOOTING Chapter 12. Chapter 12: TROUBLESHOOTING2 OVERVIEW  Determine whether a network communications problem is related to TCP/IP.  Understand.

2.1 Installing the DNS Server Role Overview of the Domain Name System Role Overview of the DNS Namespace DNS Improvements for Windows Server 2008 Considerations.

Implementing Domain Name System

Domain Name System. DNS is a client/server protocol which provides Name to IP Address Resolution.

1 Internet Networking Spring 2006 Tutorial 8 DNS and DHCP as UDP applications.

The new APNIC DNS generation system. Previous System Direct access to backend whois.db files – Constructed radix tree in memory from domain objects –

1 [prop-038] Proposal to amend APNIC Lame DNS reverse delegation policy Policy SIG 7 Sep 2006 APNIC 22, Kaohsiung, Taiwan Terry Manderson.

Hands-On Microsoft Windows Server 2003 Networking Chapter 6 Domain Name System.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 8: Managing and Troubleshooting DNS.

Impact of Configuration Errors on DNS Robustness Vasileios Pappas, Zhiguo Xu, Songwu Lu, Daniel Massey, Andreas Terzis, Lixia Zhang SIGCOMM 2004 Presented.

Hands-On Microsoft Windows Server 2003 Administration Chapter 9 Administering DNS.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 5 Introduction to DNS in Windows Server 2008.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.

Reverse DNS. Overview Principles Creating reverse zones Setting up nameservers Reverse delegation procedures.

Domain Name Services Oakton Community College CIS 238.

11.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 11: Introducing WINS, DNS,

Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.

1 Spring Semester 2009, Dept. of Computer Science, Technion Internet Networking recitation #2 DNS and DHCP.

The Domain Name System. Computer Center, CS, NCTU 2 History of DNS  Before DNS ARPAnet  HOSTS.txt contains all the hosts’ information  Maintained by.

Name Resolution Domain Name System.

Chapter 16 – DNS. DNS Domain Name Service This service allows client machines to resolve computer names (domain names) to IP addresses DNS works at the.

1 APNIC reverse DNS management roadmap DNS operations SIG, APNIC 21 2 March 2006.

Copyright © 2011 Japan Network Information Center JPNIC ’ s RQA and Routing Related Activities JPNIC IP Department Izumi Okutani APNIC32 Aug 2011, Busan.

Domain names and IP addresses Resolver and name server DNS Name hierarchy Domain name system Domain names Top-level domains Hierarchy of name servers.

70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 7: Domain Name System.

Module 5: Planning a DNS Strategy. Overview Planning DNS Servers Planning a Namespace Planning Zones Planning Zone Replication and Delegation Integrating.

Chapter 17 Domain Name System

70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 6: Name Resolution.

70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network, Enhanced Chapter 6: Name Resolution.

Chapter 29 Domain Name System (DNS) Allows users to reference computer names via symbolic names translates symbolic host names into associated IP addresses.

October 8, 2015 University of Tulsa - Center for Information Security Microsoft Windows 2000 DNS October 8, 2015.

1 APNIC allocation and policy update JPNIC OPM July 17, Tokyo, Japan Guangliang Pan.

Status report on Lame Delegations (work in progress) George Michaelson DB SIG APNIC17/APRICOT 2004 Feb KL, Malaysia.

18th APNIC Open Policy Meeting SIG: DB Thursday 2 September 2004 Nadi, Fiji Chair: Xing Li.

1 Kyung Hee University Chapter 18 Domain Name System.

U.S. General Services Administration Office of Governmentwide Policy GSA EXPO May 4, 2010 Lee Ellis U.S. General Services Administration Office of Governmentwide.

Early Registration Transfer Project Status Update.

APTLD Meeting APNIC’s Experience with IPv6 24 February 2009, Manila Arth Paulite – APNIC.

Configuring Name Resolution and Additional Services Lesson 12.

Domain Name System (DNS). DNS Server Service Overview of Domain Name System What Is a Domain Namespace? Standards for DNS Naming.

1 Internet Network Services. 2 Module - Internet Network Services ♦ Overview This module focuses on configuring and customizing the servers on the network.

Sweeping Lame DNS Delegations A Proposal DNS OPS SIG APNIC 15, Taipei, Taiwan 26 February 2003.

1 Discussion of the new DNS generation system DNS Operations SIG APNIC 18 2nd September 2004, Fiji.

APNIC Security Update APSIRCC 2002 Tokyo, 25 March 2002.

Publishing zone scan data using an open data portal Sebastian Castro OARC Workshop Montreal – Oct 2015.

Securing Future Growth: Getting Ready for IPv6 NOW! ccTLD Workshop, 8 th April 2011 Noumea, New Caledonia Miwa Fujii, Senior IPv6 Program Specialist, APNIC.

BZUPAGES.COM. Presented to: Sir. Muizuddin sb Presented by: M.Sheraz Anjum Roll NO Atif Aneaq Roll NO Khurram Shehzad Roll NO Wasif.

Registry Functions Essential components for operating a ccTLD registry.

1 Lame delegation status report DNS Operations SIG APNIC , Hanoi.

APNIC LAME NS measurements. Overview Methodology Initial outcomes from 128 days runtime How bad is the problem? LAME-ness trends Proposals for dealing.

JPNIC UPDATE ~ Personal Data Protection in JPNIC WHOIS ~ Toshiyuki Hosaka Japan Network Information Center (JPNIC) September 7 th, 2005 NIR SIG APNIC

Basics of the Domain Name System (DNS) By : AMMY- DRISS Mohamed Amine KADDARI Zakaria MAHMOUDI Soufiane Oujda Med I University National College of Applied.

Workshop Overview & Registry Model Model by Jaap Akkerhuis Related by Daniel Karrenberg.

Understand Names Resolution

Module 5: Resolving Host Names by Using Domain Name System (DNS)

Regional Internet Registries An Overview

IMPLEMENTING NAME RESOLUTION USING DNS

Lame DNS Server Sweeping

Lame delegation status report

APNIC 29 Policy SIG report

Sanjaya, Project Manager, APNIC Secretariat

Windows Name Resolution

IPv6 Allocation Status Report

Proposal to Clean Up Whois Database

Status Report on Policy Implementation at the APNIC Secretariat

Presentation transcript:

Sweeping lame DNS reverse delegations APNIC16 – DNS Operations SIG Seoul, Korea, 20 August 2003

Overview Amended proposal from AMM15 –Referred back to SIG-DNS list for discussion at AMM 16. Outcomes: –Adopted more ARIN-like communications processes –Clearer definition of applicable problems in state of delegated NS –Refined process to deal with specific lame NS

Definitions DNS delegations are lame if: –Some or all of the registered DNS ns are: Unreachable Badly configured. Registered DNS NS are the NS defined at the delegation point. –In the case of Reverse-DNS for IPv4 and Ipv6 number ranges APNIC allocates, APNIC or another RIR is the delegation point.

Lame DNS conditions ProblemPolicy Implication listed DNS server is not reachableThis should be considered as lame DNS listed DNS server is reachable, but does not respond on port 53. This should be considered as lame DNS. listed DNS server is reachable and responds on port 53, but it is not able to answer for the domain. This should be considered as lame DNS listed DNS server is reachable and responds on port 53, but serves incorrect data for the domain. This should not be considered as lame DNS.

Problem Summary Lame DNS reverse delegations can cause problems across the Internet: –Delays in service binding for clients using affected address ranges: timeouts in reverse-address lookup –Eg receiving party tries to resolve the calling source address. –Refusal of service due to failures during DNS processing.

Problem Summary –Increased DNS traffic between caching DNS nameservers and the listed DNS authority chain down from the root –Processing requests which can only fail after timeout. Measurable load on critical Infrastructure –The RIRs have been requested to investigate and reduce this traffic.

Problem Summary –Lame DNS reverse delegations affect The users of the network in question. Unrelated third parties. –End users cannot resolve problem directly Due to hierarchical nature of authoritative delegation. –If the network administrators do not correct errors in their DNS configurations RIR has to resume control of the delegated domain (pending delegate resuming control) disable the listing of the misconfigured servers.

Proposal Identify potential lameness. –(two points of test, AU & JP) Test the DNS reverse delegation –(15 day test period). Attempt to notify the domain holder –(45 day notice period). Disable lame DNS reverse delegation. –(If not corrected at end of notice period)

Identify potential lameness Modified process –based on scripts used for current statistical measurement exercise –Run independently in Japan and Australia –Mark each delegated NS separately for status –Collate state at HQ nightly to compute aggregated lameness state (pass/fail value, not lame at either location == pass) –Prevents single-point failure in test

Test the DNS reverse delegation 15 day test period –Must be consistently lame for entire period. –Can expose state on website. NS listing status is globally visible anyway in DNS

Attempt to notify the domain holder 45 day contact period Contact administrators of domain –If unresponsive contact administrators of parent zone (either domain or inetnum) –Use all available methods , Fax, Phone

Disable lame DNS reverse delegation Only if domain remains lame during contact period (even if contact successful) Disable by marker in domain: object in whois –Disables only the ‘bad’ NS

If all NS bad, sub-domain is withdrawn from DNS (APNIC will return NXDOMAIN) –While disabled, monthly reminders ed Re-enabling possible at any time by maintainer of domain: object acting: –remove marker(s) via normal whois update –DNS update will apply within 2 hours. Disabled domains will be clearly identifiable –As will disabled NS inside functional domains

Implementation This proposal will be implemented three months after it has been accepted by the APNIC community. –Extend current lame measurement to JP location –Implement decision logic for status checks –Implement communications process to delegates –Code disable function into DNS production cycle –Collect statistics on process for report back to DNS Ops SIG, other bodies

Questions? Feedback?